Fedora Account System
Red Hat Associate
Red Hat Customer
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:10517 https://access.redhat.com/errata/RHSA-2024:10517
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.5 for RHEL 8 Via RHSA-2024:10908 https://access.redhat.com/errata/RHSA-2024:10908
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:0654 https://access.redhat.com/errata/RHSA-2025:0654
This issue has been addressed in the following products: Red Hat OpenShift Dev Spaces 3 Containers Via RHSA-2025:0892 https://access.redhat.com/errata/RHSA-2025:0892
This issue has been addressed in the following products: RHODF-4.17-RHEL-9 Via RHSA-2025:1824 https://access.redhat.com/errata/RHSA-2025:1824
This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2025:1829 https://access.redhat.com/errata/RHSA-2025:1829
This issue has been addressed in the following products: RHODF-4.15-RHEL-9 Via RHSA-2025:1865 https://access.redhat.com/errata/RHSA-2025:1865
This issue has been addressed in the following products: RHODF-4.14-RHEL-9 Via RHSA-2025:1866 https://access.redhat.com/errata/RHSA-2025:1866
This issue has been addressed in the following products: RHODF-4.18-RHEL-9 Via RHSA-2025:2652 https://access.redhat.com/errata/RHSA-2025:2652
This issue has been addressed in the following products: Red Hat OpenShift GitOps 1.14 Via RHSA-2025:3069 https://access.redhat.com/errata/RHSA-2025:3069